Security
Gravity operates on the Microsoft Power Platform, which is centrally managed within the Microsoft 365 tenant. In order to access Gravity, users must first be established within the Microsoft tenant and adhere to the existing security profiles. Security measures such as Multi-Factor Authentication (MFA), strong passwords, Single Sign On (SSO), and security groups are all managed at the Microsoft level.
After a user has been established at the Microsoft tenant level, they will be assigned one or more security roles in Gravity. These security roles determine the user's permissions for creating, reading, writing, and deleting records. Furthermore, they can also manage row-level security, allowing the user to perform tasks either on their own records or on the entire organization's records.
Microsoft Security Roles are extended in Gravity to include the ability to execute processes like printing documents, posting transactions and printing reports. This is maintained under the Miscellaneous Security Privileges in System Settings.
Finally Gravity provides security on the Entities a user has access to and the processes they can perform.
Note: When custom security roles are created, they must be extended with a Miscellaneous Security Privilege record. See Miscellaneous Security Privlidges
Security Roles are accessed from the https://admin.powerplatform.microsoft.com/ portal. Under Environment settings.
Each Security role can be examined by selecting it and can be copied into a new role.
Gravity provides the following standard security roles:
- Power User
- Can perform all of Gravity's functions including System Settings
- Financial User
- Can only access financial records and financial reports
- Journal Entries
- Bank Book Entries
- Bank Reconciliation
- Budgeting
- AR User
- Can access all Revenue Functions and revenue reports
- Order Entry
- Picking
- Shipping
- Invoice Entry
- Cash Receipts
- Deposit Tickets
- Customers
- AP User
- Can access all Expense Functions and expense reports
- Purchase Order
- Receiving
- AP Automation
- Voucher Entry
- Quick Bill/Check
- Select Checks
- Check Maintenance
- Apply To Maintenance
- Vendors
- AP User Limited
- Similar to the AP User but cannot process payments.
- Read Only User
- Read Only access to all functions and reports
- Administrator
- Access to System Setup options only
- Dashboards
- Access to Gravity's predefined dashboards.
Note: it is recommended to avoid modifying the predefined Gravity security roles and instead create new roles. During an upgrade, the default security roles will be overwritten and any modifications will be lost.
For a detailed list of each security role download the attached file.
User Entity access can either be defined on the user security account or on the Entity record under Entity Configuration
On the user account in the platform settings, select the user and add the Entities under the Financial Entity Access.
On the Entity, select User Access and add users to the Entity.
Gravity extends the security roles with additional privileges. See Miscellaneous Security Privlidges